New Zealand Marking - CONFIDENTIAL
Detects the New Zealand Government CONFIDENTIAL national-security classification under the Protective Security Requirements (PSR) classification system: the verified control/dissemination marking separator (CONFIDENTIAL//..., e.g. CONFIDENTIAL//NZEO) and a gated bracket form ([CONFIDENTIAL]). Deliberately narrow v1: no bare-word tier (CONFIDENTIAL is overwhelmingly common as generic business/legal boilerplate — NDAs, email footers, "STRICTLY CONFIDENTIAL", "PRIVATE AND CONFIDENTIAL" — and would swamp any bare-word detector), and the bracket tier is hard-gated by New Zealand government context because, unlike its sibling markings, [CONFIDENTIAL] is not a verified SEEMail trigger word. Regex logic verified directly against official PSR marking-format guidance (protectivesecurity.govt.nz); matched case-sensitively.
- Type
- regex
- Engine
- boost_regex
- Confidence
- high
- Confidence justification
- High confidence on the `//` national-security-marking form: a structurally distinctive, case-sensitive token with low natural-English collision risk, directly verified against the official PSR marking-format guidance (not inferred); the regex requires an uppercase letter immediately after the separator (//[A-Z]) so URL/path double-slash artifacts cannot fire it. The gated bracket tier (75) is lower evidence — no primary source attests [CONFIDENTIAL] as a real marking convention the way [RESTRICTED]/[SENSITIVE]/[IN-CONFIDENCE] are attested as SEEMail trigger words — so it requires positive New Zealand government/PSR corroborative evidence rather than firing on the bracket alone. There is deliberately no bare-word tier: "CONFIDENTIAL" alone is one of the most common words in generic business/legal boilerplate and would produce overwhelming noise.
- Jurisdictions
- nz
- Regulations
- Privacy Act 2020 (NZ)
- Frameworks
- PSR
- Data categories
- government, security
- Scope
- narrow
- Risk rating
- 9
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
\bCONFIDENTIAL//[A-Z]
Corroborative evidence keywords
New Zealand, PSR, Protective Security Requirements, Cabinet
Proximity: 300 characters
Should match
This cable is classified CONFIDENTIAL//NZEO — do not release outside New Zealand.— Verified national-security marking format — CONFIDENTIAL classification with the NZEO (New Zealand Eyes Only) dissemination marking, double-forward-slash separated per PSR marking-format guidanceAnnex marked CONFIDENTIAL//REL TO NZL, AUS and restricted to accredited staff only.— PDF-wrapped dissemination list — the line wrap falls after the CONFIDENTIAL// trigger, which remains an unbroken token per PSR guidanceSubject: [CONFIDENTIAL] Cabinet paper — handle per New Zealand Government PSR classification requirements— Gated bracket form — New Zealand Government/PSR corroborative context present within 300 charactersNew Zealand Government agencies must handle this [CONFIDENTIAL] briefing under PSR requirements.— Gated bracket form, second worked example — PSR corroborative context present
Should not match
STRICTLY CONFIDENTIAL — do not distribute beyond this list— no bare-word tier — bare/title-case "CONFIDENTIAL" boilerplate never matches (locked design decision)PRIVATE AND CONFIDENTIAL — see the attached NDA for full terms— no bare-word tier — common legal/NDA boilerplate never matches[CONFIDENTIAL] — please treat this business proposal accordingly— bracket form present but excluded by the missing New Zealand government/PSR AND-gate (no corroborative context nearby)please keep this confidential between us until the announcement— lowercase English word (case-sensitive exclusion)
Known false positives
- ALL-CAPS prose (legal boilerplate, headers, or documents rendered entirely in capitals) defeats the case-sensitivity signal the CONFIDENTIAL tokens rely on. Mitigation: Treat hits as lower confidence when the surrounding text is itself all-caps; the `//` tier (85) remains the most reliable signal since it additionally requires the structural separator.
- CONFIDENTIAL is one of the most common words in generic business and legal boilerplate: NDAs, email footers/disclaimers, and stock phrases like "STRICTLY CONFIDENTIAL" or "PRIVATE AND CONFIDENTIAL" vastly outnumber genuine PSR classification use. Mitigation: A bare CONFIDENTIAL tier is deliberately omitted (locked design decision) rather than attempting to gate it — none of "CONFIDENTIAL" alone, "STRICTLY CONFIDENTIAL", or "PRIVATE AND CONFIDENTIAL" will fire this SIT under any tier.
- Unlike [RESTRICTED], [SENSITIVE], and [IN-CONFIDENCE] — confirmed as the complete SEEMail bracket trigger-word set ([SEEMAIL], [TRUSTED], [RESTRICTED], [SENSITIVE], [IN-CONFIDENCE], verified directly against the PSR marking-guidance page) — [CONFIDENTIAL] is NOT a SEEMail trigger word, and structurally cannot be: SEEMail's classification ceiling is RESTRICTED/ SENSITIVE (the "Restricted group" service tier), so it never carries CONFIDENTIAL-classified content in the first place. Any "[CONFIDENTIAL]" bracket found in the wild is far more likely to be informal business bracket-tag notation than a genuine PSR marking. Mitigation: The bracket tier is hard-gated by New Zealand government/PSR corroborative evidence specifically because no attested official convention exists for it, unlike its sibling markings' bracket tiers (which carry real, if legacy, SEEMail provenance).
- New Zealand's CONFIDENTIAL//... marking format is interoperable with the Five-Eyes REL TO convention, so genuine hits (e.g. CONFIDENTIAL//REL TO NZL, AUS) also fire the existing us-classification-banner pattern, whose alternation includes CONFIDENTIAL with the same separator syntax. This co-fire is expected and correct - both SITs are identifying the same interoperable classification banner. Mitigation: Deploy policies should expect the double-hit and treat the SITs as corroborating, not conflicting, signals.
- This is a deliberately narrow v1 for CONFIDENTIAL. Structured detection beyond the verified `//` form awaits clarity on the Secure Government Email (SGE) Framework's own marking-rendering conventions (SEEMail's replacement, rolling out during 2026), which had no published marking syntax at the time of writing. Mitigation: Revisit this SIT once SGE marking conventions (if any) are published; the `//` tier is expected to remain valid regardless of the SEEMail-to-SGE transition.